On 11/6/10 2:06 PM, Alan Madill wrote:
> I'm in the early stages of replacing a linux based router and VPN server and
> I'm hoping to get some suggestions on the best way to implement it using
> Shorewall.
> I've used Shorewall before on a half dozen routers and I can work my way
> through the man pages and howtos. I just don't wish to start off with the
> wrong strategy.
>
> Router has two ethernet i/f's, eth0 connected to the Internet and eth1
> connected to a tagged VLAN fiber backbone.
>
> Zones
> - corporate - VLAN2 and VLAN3 - two subnets to different buildings with
>   routing between them. Default gateway for the corporate WAN is a router on
>   VLAN2.
> - industrial - VLAN4 and VLAN5 - two subnets to different buildings with
>   routing between them.
> - internet - PopTop pptpd server on router so that outside systems (limited
>   by an extensive ACL) can connect to the industrial zone. Also an ssh server
>   protected by the same ACL.
>
> No communication between corporate and industrial zones required but it
> might be nice to be able to reach the time server on the DC on VLAN2 from
> the industrial zone. I think I could do that with DNAT.
>
> Dhcp relay running on the router to relay dhcp requests from VLAN3 to the DC
> on VLAN2.
>
> The system that we are replacing used to be the main NAT router to the
> Internet for the corporate side. As such it has its default gateway on the
> Internet and a large routing table to direct anything on the corporate side
> out via the WAN router. This is a pain to maintain. I'd rather have the WAN
> router be the default.
>
If your routing environment is that complex, then:

a) Shorewall will never be a solution to your problem.
b) You need to implement a routing protocol internally.

-Tom
--
Tom Eastep            \ When I die, I want to go like my Grandfather who
Shoreline,             \ died peacefully in his sleep. Not screaming like
Washington, USA         \ all of the passengers in his car
http://shorewall.net     \________________________________________________
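As an added example (not part of the thread, and not taken from Shorewall's own documentation), the following sketches only the zone, policy and NAT side of the layout Alan lists: VLAN sub-interfaces on eth1 grouped into corp and ind zones, a default deny between them, ssh and pptpd reachable from the Internet only from an ACL, and the NTP-via-DNAT idea. It deliberately leaves the routing-table question alone; that is the part Tom's answer says belongs to a routing protocol. All addresses, the REMOTE_ADMIN list and the DC_NTP address are constructed placeholders.

```conf
# Added example, not from the thread. Shorewall 4 style files; every address
# below is a constructed placeholder.

# /etc/shorewall/params -- Alan's "extensive ACL" is reduced to one
# placeholder network here; extend the list as needed.
REMOTE_ADMIN=203.0.113.0/24
DC_NTP=10.2.0.10          # time server on the DC, VLAN2 (assumed address)

# /etc/shorewall/zones
#ZONE   TYPE
fw      firewall
net     ipv4
corp    ipv4
ind     ipv4
vpn     ipv4              # pptpd clients, which land on ppp+ interfaces

# /etc/shorewall/interfaces -- eth1 carries tagged VLANs, so one 802.1Q
# sub-interface per VLAN and two interfaces per zone.
#ZONE   INTERFACE   OPTIONS
net     eth0        tcpflags,nosmurfs,routefilter
corp    eth1.2      dhcp    # dhcp: relay traffic between firewall and DC
corp    eth1.3      dhcp    # dhcp: relay listens for VLAN3 broadcasts here
ind     eth1.4
ind     eth1.5
vpn     ppp+

# /etc/shorewall/policy -- default deny between corp and ind; the firewall
# itself may originate traffic anywhere (dhcrelay to the DC, pptpd, ssh).
# Add corp/ind -> net ACCEPT lines only if those zones are meant to reach
# the Internet through this router rather than via the WAN router.
#SOURCE DEST    POLICY  LOG
$FW     all     ACCEPT
vpn     ind     ACCEPT
corp    ind     DROP    info
ind     corp    DROP    info
net     all     DROP    info
all     all     REJECT  info

# /etc/shorewall/rules -- exceptions to the policies above
#ACTION SOURCE              DEST            PROTO   DPORT   SPORT   ORIGDEST
# ssh and PPTP (tcp/1723 control channel plus GRE) only from the ACL
ACCEPT  net:$REMOTE_ADMIN   $FW             tcp     22
ACCEPT  net:$REMOTE_ADMIN   $FW             tcp     1723
ACCEPT  net:$REMOTE_ADMIN   $FW             gre
# NTP from the industrial zone: industrial hosts use the router's own
# VLAN4/VLAN5 address as their time server and DNAT rewrites it to the DC.
# A DNAT rule implies ACCEPT, so it punches through the ind -> corp DROP.
DNAT    ind                 corp:$DC_NTP    udp     123     -       10.4.0.1
DNAT    ind                 corp:$DC_NTP    udp     123     -       10.5.0.1

# /etc/shorewall/masq -- SNAT the DNATed NTP requests to the router's VLAN2
# address so the DC answers this router directly instead of sending replies
# to its default gateway (the WAN router), which would otherwise need routes
# back to VLAN4/VLAN5.
#INTERFACE  SOURCE                      ADDRESS
eth1.2      10.4.0.0/24,10.5.0.0/24
```

The masq entry is the caveat worth noticing: DNAT alone only rewrites the request, and without either the SNAT or a route on the corporate side for the industrial subnets, the DC's replies never come back. That return-path routing is exactly the maintenance burden Alan wants rid of, which is why the rest of the design belongs to a routing protocol rather than to Shorewall.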
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
